About Larry Sullivan

Larry Sullivan · 09-23-2024

Wondering if anyone has seen this issue before. Laptop on WiFi>Firepower(7.2.5) RA VPN>ISE(3.3 with posturing)Laptop will connect to VPN, issue happens on AC 4.10 and Secure Client 5.1.5.65. Once posture starts to run, at 10% mark, it will say compl...

Larry Sullivan · 08-23-2024

C9300-24UCisco IOS XE Software, Version 16.12.04Currently BW is at the below rate on a 10Gb uplink (T1/1/1) (routed)30 second input rate 104.78 mega-bits/sec , 10.79 Kpps30 second output rate 71.62 mega-bits/sec , 11.24 KppsIf I increase BW by 100Mb ...

Larry Sullivan · 12-08-2023

Can ISE limit restconf commands sent to network devices? Essentially a program was built to clear arp on ASRs and also shut/no shut specific interfaces on C9500s. Can we limit the commands to just that via ISE? I'm not tasked with implementing thi...

Larry Sullivan · 06-22-2023

Things to consider:1.) I have a TAC open for over a month now with no real movement on resolving the issue.2.) The description of the issue is short because I've spent countless hours looking into this and narrowing down the issue.We are running into...

Larry Sullivan · 11-18-2022

Hi,Anyconnect client isn't trusting the ISE certificate for posturing upon connection due to it being a self signed certificate.I have tried certificate pinning in VPN editor but that made it so I get an error upon connection saying can't connect at ...

Larry Sullivan · 06-26-2025

With our newer IOS-XE we have to enter the below command to allow us to ssh to it as it breaks ssh with securecrt, and older IOS-XE devices."ip ssh server algorithm mac hmac-sha2-256 hmac-sha2-256-etm@openssh.com"

Larry Sullivan · 01-23-2025

Interesting. Here is what I'm getting on a MAC vendor lookup. "E-Globaledge Corporation". Seems to be a Chinese company. Never heard of transactions being tracked according to a MAC."E-Globaledge Corporation offers technology services. The Company...

Larry Sullivan · 12-19-2024

Do you have "ip igmp version 3" configured on associated SVIs? Is 10.0.0.20 the Speaker IP?

Larry Sullivan · 10-30-2024

EDIT: Ignore the below. Looks like I'm still not sure why you're trying to do what you're trying to do and why you're doing it the way you're trying to do it. Good luck. Hope you get it sorted. To be clear, when I say active/passive I mean you h...

Larry Sullivan · 10-30-2024

They have the same tunnel IP. Seems like you're trying to do some sort of active/passive. You should give your tunnel 3 a unique IP and it's own VRF and do active/active and use a dynamic routing protocol like BGP to do the failover.

Member Since	‎05-27-2017 12:58 PM
Date Last Visited	‎07-01-2025 02:56 PM
Posts	215
Total Helpful Votes Received	101

User Statistics

User Activity

RA VPN, ISE sending posture compliant DACL to unplugged ethernet intf

C9300-24U dropping transit ICMP when 10Gb Uplink around 200Mb.

Can ISE limit restconf commands on network devices?

c9500 Layer 2 multicast replication issue.

How to push ISE portal certificate (posture) to Anyconnect clients?

Re: RESTCONF or NETCONF when SSH isn't available?

Re: Information from a MAC Address

Re: Multicast Routing on a Nexus 9k

Re: DMVPN IPsec BGP tunnels with backup

Re: DMVPN IPsec BGP tunnels with backup